How can i disable SSH access for all reseller and client

A

albertg

New member
Joined
Jul 11, 2004
Messages
1
Hi,

Wondering whether if there is an option i can set to disable SSH access for resellers / clients.

Perhaps, when creating a new package, the option to enable/disable SSH can be hide / or set to disable by default and cannot be switch on.

Thanks.
 
When logged in as admin, you can modify your resellers priviledges to limit them from being able to grant ssh access to their users. It won't hide the option, but it will grey out the box so they can not select it.
 
thuskey said:
When logged in as admin, you can modify your resellers priviledges to limit them from being able to grant ssh access to their users. It won't hide the option, but it will grey out the box so they can not select it.
Click to expand...

In sshd-config (or something like that) which is located in /etc/ssh/ (this is redhat) there is a line that says "allowusers" rm every line that starts with that except for root or user u want to access it... restart ssh... tada

Thats an manual way:)
 
thuskey said:
When logged in as admin, you can modify your resellers priviledges to limit them from being able to grant ssh access to their users. It won't hide the option, but it will grey out the box so they can not select it.
Click to expand...

Actually, this method does not work on any of my FreeBSD servers. On some servers, I've semi-autmated the manual method; on others, I guess, I've ignored it for now.
 
#!/bin/bash

for RESELLER in admin $(cat /usr/local/directadmin/data/admin/reseller.list)
do

# Switch Off Resellers ability to grant SSH

USERSSH=$(grep userssh= /usr/local/directadmin/data/users/${RESELLER}/reseller.conf)

if [ ${USERSSH} = "userssh=ON" ]
then

sed -i "s/userssh=ON/userssh=OFF/g" /usr/local/directadmin/data/users/${RESELLER}/reseller.conf

fi

# Fix Resellers packages to not contain ssh for their users

for PACKAGE in $(cat /usr/local/directadmin/data/users/${RESELLER}/packages.list)
do

USERSSH=$(grep ssh= /usr/local/directadmin/data/users/${RESELLER}/packages/${PACKAGE}.pkg)

if [ ${USERSSH} = "ssh=ON" ]
then

sed -i "s/ssh=ON/ssh=OFF/g" /usr/local/directadmin/data/users/${RESELLER}/packages/${PACKAGE}.pkg

fi

done

# Fix Users with SSH

for USER in ${RESELLER} $(cat /usr/local/directadmin/data/users/${RESELLER}/users.list)
do

USERSSH=$(grep ssh= /usr/local/directadmin/data/users/${USER}/user.conf)

if [ ${USERSSH} = "ssh=ON" ]
then

sed -i "s/ssh=ON/ssh=OFF/g" /usr/local/directadmin/data/users/${USER}/user.conf
sed -i "/AllowUsers ${USER}/d" /etc/ssh/sshd_config
chsh -s /bin/false ${USER}

fi

done

done

This would disable all SSH access for directadmin users changing the Resellers ability to grant SSH to in packages, and remove SSH from Resellers packages

Edited to mention that you should restart SSHD
 
Last edited:
You must log in or register to reply here.
Back
Top